Devices Like Cable Boxes Figured in Internet Attack
By NICOLE PERLROTH
Published: March 29, 2013
SAN FRANCISCO — In the aftermath this week of one of the most powerful
attacks on the Internet, finger-pointing quickly ensued.
The organization most suspected, victims said, was Stophaus, an elusive
group of disgruntled European Internet users, although Sven Olaf
Kamphuis, its spokesman, denied he was responsible for the attacks. At
the same time, he shifted blame to Russian Internet service providers,
which he said were retaliating against Spamhaus, a European anti-spam
group, for blacklisting them.
But the real enablers of the attack were the operators of more than 27
million computers around the globe who left their equipment wide open to
a motivated attacker. Those enablers are not just companies, but
regular people with home cable boxes.
“There is a big possibility that you are part of the problem without
even knowing it,” said Paul Vixie, chairman of the Internet Software
Consortium, a nonprofit company responsible for the software used by
many of the servers that power the Internet.
The servers the attackers used — what the Internet community calls open
recursive servers or, more commonly, open resolvers — are simply home
Internet devices, corporate servers, or virtual machines in the cloud
that have been sloppily configured to accept messages from any device
around the globe.
Open resolvers have been set up in such a way that they are not unlike
the naïve users of public Wi-Fi who forget to turn off their
file-sharing settings, so that any hacker on the Internet can creep
inside the computer. It’s similar to PC users who do not realize that by
not updating their software, they let their computers get infected with
malware and used as a zombie in a cyberattack.
The difference is that if you think of a computer as a digital weapon,
then an open resolver is a machine gun. Attackers can use open resolvers
to amplify the strength of a cyberattack by a factor of 100.
In this week’s attack on Spamhaus and the company hired to fight it,
CloudFlare, attackers made use of more than 100,000 open resolvers to
inflict an attack that reached 300 billion bits per second, the largest
such attack ever reported. When they could not take down those targets,
they aimed and fired open resolvers at the world’s major Internet
exchanges, first London, then Amsterdam, Frankfurt and then Hong Kong.
“At some point, we thought, ‘They are going to hit everything at once,
and that’s when this gets real,’ ” said Matthew Prince, the chief
executive of CloudFlare. “That’s the nightmare scenario that hasn’t
happened — yet.”
“We’ve now seen an attack that begins to illustrate the full extent of the problem,” Mr. Prince wrote in a blog post.
Closing an open resolver, unfortunately, is not as simple as flipping a
switch or downloading some software. Finding out if your home cable box
is an open resolver, for instance, requires you to call your cable
company and tell them that you do not want to be running an open
resolver — a tough request when most of the world’s population does not
even know what an open resolver is.
Recent efforts have been made to increase awareness of the issue.
Computer security experts have recently started “naming and shaming” the
operators of open resolvers. The DNS Measurement Factory, one such
group, published a survey of top offenders by network, and more recently
the Open Resolver Project published a full list of the 27 million open
servers online.
The campaign is making slow progress; thousands dropped off those lists in the last few months.
But Dr. Vixie calls the open resolvers just the low-hanging fruit. Even
if they were all fixed tomorrow, there are other types of servers that
could just as easily be used to amplify an attack, a fact that hackers
are eager to point out.
end quote from:
http://www.nytimes.com/2013/03/30/technology/devices-like-cable-boxes-figured-in-internet-attack.html?partner=yahoofinance
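In DNS terms, what the quoted article calls an open resolver is a device that performs recursive lookups for queries arriving from outside its own network. The following is an added example, not part of the article or of this blog post: it builds such a query and classifies the reply from the DNS header flags. The function names, the transaction ID and the sample packets are constructed for illustration, and the replies are assumed to come from a device you operate, queried from an outside address.

```python
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080   # DNS header flag bits (RFC 1035)
REFUSED = 5                            # RCODE a closed resolver typically returns

def build_query(name, txid=0x1234):
    """Build an A-record query with the 'recursion desired' bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def classify_response(packet, txid=0x1234):
    """Classify the reply a device sent to a query arriving from outside its network."""
    if len(packet) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & QR:
        return "malformed"
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return "refused"
    if flags & RA and rcode == 0 and ancount > 0:
        return "open"          # recursed on behalf of a stranger
    return "no-recursion"      # replied, but did not resolve the name for us

def sample_response(flags, ancount):
    """Constructed reply for the demo: the query body with a new header and A records."""
    query = build_query("example.com")
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + answer * ancount

# Constructed sample replies, keyed by the classification each should receive.
SAMPLES = {
    "open": sample_response(QR | RD | RA, 1),
    "refused": sample_response(QR | RD | REFUSED, 0),
    "no-recursion": sample_response(QR | RD, 0),
}

if __name__ == "__main__":
    for expected, packet in SAMPLES.items():
        print(expected, "->", classify_response(packet))
```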
Like it says above, if you changed all the open resolvers and servers around the world to not be vulnerable, it is quite likely you would end the Internet as we now know it. This is why I think you might begin to see national firewalls around nations or even areas like states to protect local cyber infrastructure from this type of thing. However, if this is done, it will end the Internet, at least as we now know it in the free world. However, after people did what they did last week, I don't think governments and businesses want to see this sort of thing happen again and affect their businesses and bottom lines the way this did. This cost everyone who does business over the Internet a lot of money.